[jboss-cvs] jboss-seam/src/main/org/jboss/seam/security ...

Shane Bryzak sbryzak at redhat.com
Mon Nov 12 05:59:14 EST 2007 

  User: sbryzak2
  Date: 07/11/12 05:59:14

  Modified:    src/main/org/jboss/seam/security   Identity.java
                        RuleBasedIdentity.java
  Log:
  JBSEAM-2239 explicitly clear subject and security context on logout()
  
  Revision  Changes    Path
  1.105     +1 -0      jboss-seam/src/main/org/jboss/seam/security/Identity.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: Identity.java
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/Identity.java,v
  retrieving revision 1.104
  retrieving revision 1.105
  diff -u -b -r1.104 -r1.105
  --- Identity.java	7 Nov 2007 08:47:28 -0000	1.104
  +++ Identity.java	12 Nov 2007 10:59:14 -0000	1.105
  @@ -344,6 +344,7 @@
      public void logout()
      {
         principal = null;
  +      unAuthenticate();
         Session.instance().invalidate();
         Events.instance().raiseEvent(EVENT_LOGGED_OUT);
      }
  
  
  
  1.19      +15 -0     jboss-seam/src/main/org/jboss/seam/security/RuleBasedIdentity.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: RuleBasedIdentity.java
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/RuleBasedIdentity.java,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -b -r1.18 -r1.19
  --- RuleBasedIdentity.java	8 Oct 2007 15:18:15 -0000	1.18
  +++ RuleBasedIdentity.java	12 Nov 2007 10:59:14 -0000	1.19
  @@ -21,8 +21,10 @@
   import org.jboss.seam.annotations.Scope;
   import org.jboss.seam.annotations.Startup;
   import org.jboss.seam.annotations.intercept.BypassInterceptors;
  +import org.jboss.seam.core.Events;
   import org.jboss.seam.log.LogProvider;
   import org.jboss.seam.log.Logging;
  +import org.jboss.seam.web.Session;
   
   /**
    * Identity implementation that supports permission
  @@ -253,4 +255,17 @@
      {
         this.securityRules = securityRules;
      }   
  +   
  +   @Override
  +   public void logout()
  +   {
  +      // Explicitly destroy the security context
  +      if (securityContext != null)
  +      {
  +         securityContext.dispose();
  +         securityContext = null;
  +      }
  +      
  +      super.logout();
  +   }   
   }

More information about the jboss-cvs-commits mailing list